NewGrow your business with our new Teams plan. Learn more

Capsule and the GDPR - Part 2

Today (May 25th) the new General Data Protection Regulations comes into force. The GDPR is the biggest shake up to data regulation and protection for a generation. Our first blog post about the GDPR covered recording consent within your Capsule account and introduced some new features to assist with your compliance, such as responding to subject access requests and deleting data permanently. We’d like to take this opportunity to share with you some more information about what we have been doing to prepare for the GDPR, and offer tips to help with your compliance.

New Customer Terms, Privacy Policy and Data Processing Agreement

By now you’ve hopefully had chance to read our new Customer Terms, Privacy Policy and our Data Processing Agreement. If you continue to use Capsule from today, we’ll assume that you’ve both read and agree with these documents. There is no need to sign any of these documents as your continued use of Capsule automatically indicates consent.

EU Data Protection Documentation and GDPR FAQs

The GDPR affects anyone storing or processing information about EU citizens, and we now have a dedicated support document intended to help our customers who are storing information about contacts in the EU assess their compliance. It includes details about where we host Capsule data, our obligations as your Data Processor and encryption of Capsule data.

For more reading, we’ve a prepared comprehensive list of GDPR FAQs which may be useful if you are required to perform a Data Protection Impact Assessment (DPIA) or Privacy Impact Assessment (PIA). They cover Capsule’s responsibility as a Data Controller of your personal data, and yours as the Data Controller for your contact’s information.

New Social Search Integration

Previously Capsule would use contact details to automatically find social networks and profile images to enrich your contact profiles. With the GDPR we’ve now disabled this functionality by default and added a new optional Social Search Integration to Capsule.

The GDPR doesn’t allow you to assume that you can use anyone’s publicly available contact information, such as social network profiles or pictures. With the new Social Search Integration you now have greater control over what social network information is retrieved in line with your agreements or privacy policy with your contacts.

Capsule honors the privacy controls of each network when searching for profiles, and as a result you’ll only see matches where the contact has made their profile public.

For instructions on how to enable the Social Search in your account, please see this support document.

If you’re already taking advantage of our Website Contact Form Integration to capture new leads straight into Capsule, you may wish to also record marketing consent at the same time. All you need is a custom field and our Website Contact Form included on your website.

Follow the steps here to get setup with our Website Contact Form and begin recording consent with your new leads.

Please email us if you have any questions and we’ll be happy to answer.

Capsule and the GDPR

We’re sure you’ve already heard of the GDPR by now and have some questions on how to deal with it. We’ve put together an overview of the GDPR and Capsule, and answered your questions to help you work within the new regulations.

This post is to assist you in using Capsule, but should not be regarded as legal advice. If you have questions on how the GDPR will affect your business we recommend you seek legal advice.

What is the GDPR?

On May 25, 2018, a new EU privacy regulation will come into effect called the General Data Protection Regulation (GDPR). It imposes tougher obligations on businesses with regards to how they collect, store and manage personal data of EU citizens, regardless of whether the data processing takes place in the EU or not.

Does the GDPR affect Capsule customers?

The GDPR will affect anyone who stores personally identifiable information of any EU citizen. Personally identifiable information can be a name, email, address, date of birth, personal interests, unique identifiers, digital footprints and more.

What is Capsule doing to prepare for the GDPR?

We’ve always taken data privacy and security practices very seriously. In light of the GDPR we have reviewed our data processes and practices to ensure we’re fully compliant by May 25, 2018. For example we are:

  • Putting in place a new Data Processing Agreement which we and you agree to undertake from May 25, 2018 onwards.
  • Updating our Privacy Policy to ensure our compliance in respect of the data we hold about you.
  • Reviewing Capsule’s functionality to consider whether we can make any improvements that make Capsule more efficient for users who are subject to the GDPR.

Features to help you with compliance

While the GDPR can initially seem demanding, the emphasis behind it is about respecting your customer’s data and processing only the data that you need. We already have features in place to help you manage your customer’s data correctly. Here’s a list of some features and suggestions to help you with compliance:

With the GDPR you need to have lawful basis for processing personal data, consent is one of them. If you need to record consent, there are several ways you could do this.

Alongside your customer’s contact details, you could choose to add a Custom Field such as a check box for consent and can also choose to add a date field to record when consent was given.

You could also use Capsule’s tag features to tag contacts who have consented to you contacting them again. Particularly powerful are Capsule’s DataTags which allow you to record additional information with a tag. For example, you might want to record the date of consent given alongside the tag. Capsule will prompt you to enter these fields when you apply the tag to a contact.

Responding to data requests

An individual may request access to the data you have stored about them in Capsule. This is sometimes referred to as a “Subject Access Request”. To help with this kind of request we’ve built a new Print Summary feature. This allows you to export the individual’s contact data and all information held on them, including their entire communication history in one file.

To use this new feature, start out by opening a contact in Capsule. From their record click the action arrow, then choose ‘Print Summary’ and a new tab will open in your browser. From here you can copy the information to your computer and paste it into a word processor, or you can use the print function in your browser to create a PDF from the information.

Deleting data permanently

You may wish to remove data that is no longer being used for its original purposes before May 25. Also, under the GDPR there is emphasis on the right to be forgotten, enabling an individual to request that their data be deleted. You can delete a single contact and also delete a list of contacts. These deleted records are stored in the trash for 30 days before they are permanently deleted. However, when asked to remove the contact immediately, Capsule’s account owner can permanently delete individual records by going to the trash and permanently deleting them using the delete function.

External Resources

If you’re looking to understand more about GDPR, we suggest you review the advice given by the UK Information Commission Office (ICO), they are responsible for implementing the GDPR legislation in the UK. They provide practical advice such as an overview including key areas for Data Controllers to consider and get in place for May 2018, along with their 12 steps to take now.

The Information Commissioner has also started posting a series of myth-busting articles that set out to explain that GDPR is an evolution, not a revolution and which clarifies questions like “Do you require consent to process personal data?”.

What’s next?

We’ll be sending an email soon with details of our new Data Processing Agreement which comes into effect from May 25, 2018. Keep checking our blog for updates around the GDPR and new features.

Updated on 17/04/2018

We hope this answers some of your questions and makes working with the GDPR within Capsule easier for you! Please email us if you have any questions and we’ll be happy to answer.